I am all for oAuth replacing basic, but one of the remaining issues is consumer keys. With 1.0 signing is required thus requiring distributing keys with your application. We all know this is pretty unsafe since any hacker could yank them out. oAuth 2.0 does seem to solve a lot of the issues involving desktop applications, but is still being drafted. So maybe holding off basic auth depreciation until then might not be ideal, but I think it would help make porting to oAuth a bit easier. Just curious how soon can we expect 2.0 to be rolling out and if Twitter has considered at all extending basic auth's lifetime.